VYPR

Terrascan

by Tenable

Source repositories

CVEs (3)

  • CVE-2026-47358HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced…

  • CVE-2026-47357HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an…

  • CVE-2026-47356HigMay 19, 2026
    risk 0.49cvss 7.5epss 0.01

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary…

VYPR — Vulnerability Intelligence